[grid] Add registration secret to the New Session Queuer

java/server/src/org/openqa/selenium/grid/commands/Hub.java

@@ -31,6 +31,7 @@
 import org.openqa.selenium.grid.log.LoggingOptions;
 import org.openqa.selenium.grid.router.ProxyCdpIntoGrid;
 import org.openqa.selenium.grid.router.Router;
+import org.openqa.selenium.grid.security.Secret;
 import org.openqa.selenium.grid.security.SecretOptions;
 import org.openqa.selenium.grid.server.BaseServerOptions;
 import org.openqa.selenium.grid.server.EventBusOptions;
@@ -130,6 +131,7 @@ protected Handlers createHandlers(Config config) {
 
     BaseServerOptions serverOptions = new BaseServerOptions(config);
     SecretOptions secretOptions = new SecretOptions(config);
+    Secret secret = secretOptions.getRegistrationSecret();
 
     URL externalUrl;
     try {
@@ -150,7 +152,7 @@ protected Handlers createHandlers(Config config) {
       bus,
       newSessionQueueOptions.getSessionRequestRetryInterval(),
       newSessionQueueOptions.getSessionRequestTimeout());
-    NewSessionQueuer queuer = new LocalNewSessionQueuer(tracer, bus, sessionRequests);
+    NewSessionQueuer queuer = new LocalNewSessionQueuer(tracer, bus, sessionRequests, secret);
     handler.addHandler(queuer);
 
     Distributor distributor = new LocalDistributor(
@@ -159,7 +161,7 @@ protected Handlers createHandlers(Config config) {
       clientFactory,
       sessions,
       queuer,
-      secretOptions.getRegistrationSecret());
+      secret);
     handler.addHandler(distributor);
 
     Router router = new Router(tracer, clientFactory, sessions, queuer, distributor);

java/server/src/org/openqa/selenium/grid/commands/Standalone.java

@@ -149,7 +149,11 @@ protected Handlers createHandlers(Config config) {
       bus,
       newSessionQueueOptions.getSessionRequestRetryInterval(),
       newSessionQueueOptions.getSessionRequestTimeout());
-    NewSessionQueuer queuer = new LocalNewSessionQueuer(tracer, bus, sessionRequests);
+    NewSessionQueuer queuer = new LocalNewSessionQueuer(
+      tracer,
+      bus,
+      sessionRequests,
+      registrationSecret);
     combinedHandler.addHandler(queuer);
 
     Distributor distributor = new LocalDistributor(

java/server/src/org/openqa/selenium/grid/router/httpd/RouterServer.java

@@ -33,6 +33,7 @@
 import org.openqa.selenium.grid.log.LoggingOptions;
 import org.openqa.selenium.grid.router.ProxyCdpIntoGrid;
 import org.openqa.selenium.grid.router.Router;
+import org.openqa.selenium.grid.security.Secret;
 import org.openqa.selenium.grid.security.SecretOptions;
 import org.openqa.selenium.grid.server.BaseServerOptions;
 import org.openqa.selenium.grid.server.NetworkOptions;
@@ -110,25 +111,27 @@ protected Handlers createHandlers(Config config) {
     NetworkOptions networkOptions = new NetworkOptions(config);
     HttpClient.Factory clientFactory = networkOptions.getHttpClientFactory(tracer);
 
+    BaseServerOptions serverOptions = new BaseServerOptions(config);
+    SecretOptions secretOptions = new SecretOptions(config);
+    Secret secret = secretOptions.getRegistrationSecret();
+
     SessionMapOptions sessionsOptions = new SessionMapOptions(config);
     SessionMap sessions = sessionsOptions.getSessionMap();
 
     NewSessionQueuerOptions sessionQueuerOptions = new NewSessionQueuerOptions(config);
     URL sessionQueuerUrl = fromUri(sessionQueuerOptions.getSessionQueuerUri());
     NewSessionQueuer queuer = new RemoteNewSessionQueuer(
-        tracer,
-        clientFactory.createClient(sessionQueuerUrl));
-
-    BaseServerOptions serverOptions = new BaseServerOptions(config);
-    SecretOptions secretOptions = new SecretOptions(config);
+      tracer,
+      clientFactory.createClient(sessionQueuerUrl),
+      secret);
 
     DistributorOptions distributorOptions = new DistributorOptions(config);
     URL distributorUrl = fromUri(distributorOptions.getDistributorUri());
     Distributor distributor = new RemoteDistributor(
       tracer,
       clientFactory,
       distributorUrl,
-      secretOptions.getRegistrationSecret());
+      secret);
 
     GraphqlHandler graphqlHandler = new GraphqlHandler(tracer, distributor, serverOptions.getExternalUri());
 

java/server/src/org/openqa/selenium/grid/sessionqueue/BUILD.bazel

@@ -21,6 +21,7 @@ java_library(
         "//java/server/src/org/openqa/selenium/grid/log",
         "//java/server/src/org/openqa/selenium/status",
         "//java/server/src/org/openqa/selenium/remote/server/jmx",
+        "//java/server/src/org/openqa/selenium/grid/security",
         artifact("com.google.guava:guava"),
     ],
 )

java/server/src/org/openqa/selenium/grid/sessionqueue/NewSessionQueuer.java

@@ -27,6 +27,8 @@
 import org.openqa.selenium.Capabilities;
 import org.openqa.selenium.SessionNotCreatedException;
 import org.openqa.selenium.grid.data.RequestId;
+import org.openqa.selenium.grid.security.RequiresSecretFilter;
+import org.openqa.selenium.grid.security.Secret;
 import org.openqa.selenium.internal.Require;
 import org.openqa.selenium.remote.NewSessionPayload;
 import org.openqa.selenium.remote.http.HttpRequest;
@@ -54,20 +56,26 @@ public abstract class NewSessionQueuer implements HasReadyState, Routable {
   private final Route routes;
   protected final Tracer tracer;
 
-  protected NewSessionQueuer(Tracer tracer) {
+  protected NewSessionQueuer(Tracer tracer, Secret registrationSecret) {
     this.tracer = Require.nonNull("Tracer", tracer);
 
+    Require.nonNull("Registration secret", registrationSecret);
+    RequiresSecretFilter requiresSecret = new RequiresSecretFilter(registrationSecret);
+
     routes = combine(
-        post("/session")
-            .to(() -> this::addToQueue),
-        post("/se/grid/newsessionqueuer/session")
-            .to(() -> new AddToSessionQueue(tracer, this)),
-        post("/se/grid/newsessionqueuer/session/retry/{requestId}")
-            .to(params -> new AddBackToSessionQueue(tracer, this, requestIdFrom(params))),
-        get("/se/grid/newsessionqueuer/session/{requestId}")
-            .to(params -> new RemoveFromSessionQueue(tracer, this, requestIdFrom(params))),
-        delete("/se/grid/newsessionqueuer/queue")
-            .to(() -> new ClearSessionQueue(tracer, this)));
+      post("/session")
+        .to(() -> this::addToQueue),
+      post("/se/grid/newsessionqueuer/session")
+        .to(() -> new AddToSessionQueue(tracer, this)),
+      post("/se/grid/newsessionqueuer/session/retry/{requestId}")
+        .to(params -> new AddBackToSessionQueue(tracer, this, requestIdFrom(params)))
+        .with(requiresSecret),
+      get("/se/grid/newsessionqueuer/session/{requestId}")
+        .to(params -> new RemoveFromSessionQueue(tracer, this, requestIdFrom(params)))
+        .with(requiresSecret),
+      delete("/se/grid/newsessionqueuer/queue")
+        .to(() -> new ClearSessionQueue(tracer, this))
+        .with(requiresSecret));
   }
 
   private RequestId requestIdFrom(Map<String, String> params) {

java/server/src/org/openqa/selenium/grid/sessionqueue/local/BUILD.bazel

@@ -19,6 +19,7 @@ java_library(
         "//java/server/src/org/openqa/selenium/grid/sessionqueue",
         "//java/server/src/org/openqa/selenium/grid/sessionqueue/config",
         "//java/server/src/org/openqa/selenium/remote/server/jmx",
+        "//java/server/src/org/openqa/selenium/grid/security",
         artifact("com.google.guava:guava"),
     ],
 )

java/server/src/org/openqa/selenium/grid/sessionqueue/local/LocalNewSessionQueuer.java

@@ -21,6 +21,8 @@
 import org.openqa.selenium.grid.config.Config;
 import org.openqa.selenium.grid.data.RequestId;
 import org.openqa.selenium.grid.log.LoggingOptions;
+import org.openqa.selenium.grid.security.Secret;
+import org.openqa.selenium.grid.security.SecretOptions;
 import org.openqa.selenium.grid.server.EventBusOptions;
 import org.openqa.selenium.grid.sessionqueue.GetNewSessionResponse;
 import org.openqa.selenium.grid.sessionqueue.NewSessionQueue;
@@ -42,8 +44,9 @@ public class LocalNewSessionQueuer extends NewSessionQueuer {
   public LocalNewSessionQueuer(
     Tracer tracer,
     EventBus bus,
-    NewSessionQueue sessionRequests) {
-    super(tracer);
+    NewSessionQueue sessionRequests,
+    Secret registrationSecret) {
+    super(tracer, registrationSecret);
     this.bus = Require.nonNull("Event bus", bus);
     this.sessionRequests = Require.nonNull("New Session Request Queue", sessionRequests);
   }
@@ -58,7 +61,11 @@ public static NewSessionQueuer create(Config config) {
         bus,
         retryInterval,
         requestTimeout);
-    return new LocalNewSessionQueuer(tracer, bus, sessionRequests);
+
+    SecretOptions secretOptions = new SecretOptions(config);
+    Secret registrationSecret = secretOptions.getRegistrationSecret();
+
+    return new LocalNewSessionQueuer(tracer, bus, sessionRequests, registrationSecret);
   }
 
   @Override

java/server/src/org/openqa/selenium/grid/sessionqueue/remote/BUILD.bazel

@@ -18,6 +18,7 @@ java_library(
         "//java/server/src/org/openqa/selenium/grid/sessionqueue",
         "//java/server/src/org/openqa/selenium/grid/sessionqueue/config",
         "//java/server/src/org/openqa/selenium/grid/web",
+        "//java/server/src/org/openqa/selenium/grid/security",
         artifact("com.google.guava:guava"),
     ],
 )

java/server/src/org/openqa/selenium/grid/sessionqueue/remote/RemoteNewSessionQueuer.java

@@ -27,11 +27,15 @@
 import org.openqa.selenium.grid.config.Config;
 import org.openqa.selenium.grid.data.RequestId;
 import org.openqa.selenium.grid.log.LoggingOptions;
+import org.openqa.selenium.grid.security.AddSecretFilter;
+import org.openqa.selenium.grid.security.Secret;
+import org.openqa.selenium.grid.security.SecretOptions;
 import org.openqa.selenium.grid.server.NetworkOptions;
 import org.openqa.selenium.grid.sessionqueue.NewSessionQueuer;
 import org.openqa.selenium.grid.sessionqueue.config.NewSessionQueuerOptions;
 import org.openqa.selenium.grid.web.Values;
 import org.openqa.selenium.internal.Require;
+import org.openqa.selenium.remote.http.Filter;
 import org.openqa.selenium.remote.http.HttpClient;
 import org.openqa.selenium.remote.http.HttpRequest;
 import org.openqa.selenium.remote.http.HttpResponse;
@@ -50,19 +54,29 @@ public class RemoteNewSessionQueuer extends NewSessionQueuer {
   private final HttpClient client;
   private static final String timestampHeader= SESSIONREQUEST_TIMESTAMP_HEADER;
   private static final String reqIdHeader= SESSIONREQUEST_ID_HEADER;
+  private final Filter addSecret;
 
-  public RemoteNewSessionQueuer(Tracer tracer, HttpClient client) {
-    super(tracer);
+  public RemoteNewSessionQueuer(Tracer tracer, HttpClient client, Secret registrationSecret) {
+    super(tracer, registrationSecret);
     this.client = Require.nonNull("HTTP client", client);
+
+    Require.nonNull("Registration secret", registrationSecret);
+    this.addSecret = new AddSecretFilter(registrationSecret);
   }
 
   public static NewSessionQueuer create(Config config) {
     Tracer tracer = new LoggingOptions(config).getTracer();
     URI uri = new NewSessionQueuerOptions(config).getSessionQueuerUri();
     HttpClient.Factory clientFactory = new NetworkOptions(config).getHttpClientFactory(tracer);
 
+    SecretOptions secretOptions = new SecretOptions(config);
+    Secret registrationSecret = secretOptions.getRegistrationSecret();
+
     try {
-      return new RemoteNewSessionQueuer(tracer, clientFactory.createClient(uri.toURL()));
+      return new RemoteNewSessionQueuer(
+        tracer,
+        clientFactory.createClient(uri.toURL()),
+        registrationSecret);
     } catch (MalformedURLException e) {
       throw new UncheckedIOException(e);
     }
@@ -84,7 +98,7 @@ public boolean retryAddToQueue(HttpRequest request, RequestId reqId) {
     upstream.setContent(request.getContent());
     upstream.setHeader(timestampHeader, request.getHeader(timestampHeader));
     upstream.setHeader(reqIdHeader, reqId.toString());
-    HttpResponse response = client.execute(upstream);
+    HttpResponse response = client.with(addSecret).execute(upstream);
     return Values.get(response, Boolean.class);
   }
 
@@ -93,7 +107,7 @@ public Optional<HttpRequest> remove(RequestId reqId) {
     HttpRequest upstream =
         new HttpRequest(GET, "/se/grid/newsessionqueuer/session/" + reqId.toString());
     HttpTracing.inject(tracer, tracer.getCurrentContext(), upstream);
-    HttpResponse response = client.execute(upstream);
+    HttpResponse response = client.with(addSecret).execute(upstream);
 
     if(response.getStatus()==HTTP_OK) {
       HttpRequest httpRequest = new HttpRequest(POST, "/session");
@@ -110,7 +124,7 @@ public Optional<HttpRequest> remove(RequestId reqId) {
   public int clearQueue() {
     HttpRequest upstream = new HttpRequest(DELETE, "/se/grid/newsessionqueuer/queue");
     HttpTracing.inject(tracer, tracer.getCurrentContext(), upstream);
-    HttpResponse response = client.execute(upstream);
+    HttpResponse response = client.with(addSecret).execute(upstream);
 
     return Values.get(response, Integer.class);
   }

java/server/test/org/openqa/selenium/grid/distributor/AddingNodesTest.java

@@ -107,7 +107,11 @@ public void setUpDistributor() throws MalformedURLException {
       bus,
       Duration.ofSeconds(2),
       Duration.ofSeconds(2));
-    LocalNewSessionQueuer queuer = new LocalNewSessionQueuer(tracer, bus, localNewSessionQueue);
+    LocalNewSessionQueuer queuer = new LocalNewSessionQueuer(
+      tracer,
+      bus,
+      localNewSessionQueue,
+      registrationSecret);
     Distributor local = new LocalDistributor(
       tracer,
       bus,